1. Field of the Invention
The present invention is directed to a method for the secure distribution of security modules, particularly for postage meter machines, from a manufacturing location via a distribution location and a user location. The invention also is directed to a distribution system for the secure distribution of security modules.
2. Description of the Prior Art
Like microprocessors and memory modules, security modules, particularly embedded systems, can be manufactured in large numbers at central locations that are especially suited for mass production. Such security modules are utilized in various devices, particularly in those devices wherein specific values of their users are stored. Examples are postage meter machines, cash registers, electronic purses, PCs, notebooks, palmtops and mobile telephones. When these devices are likewise mass-produced goods, then the customer—the later user—is most comfortable acquiring these together with the appertaining security module directly by mail order or retail sales, usually without any further contact with the manufacturer of the security modules.
In order to assure a dependable cryptographic initialization and an efficient distribution of the security modules, the initialization should ensue at the production location. This would require central or decentralized initialization centers, which would be cost-intensive. In general, the production locations for mass products and the locations of their subsequent operators that would be liable to damage due to compromised keys are in different countries, and thus in different jurisdictions. Legal-based assertions between producers and operators of security modules are thus made more difficult from the very outset. It would be desirable, however, to make them as rare as possible, or to avoid them entirely, on the basis of measures that instill technical confidence. If there were manufacturing sources that the user does not trust, then there would be a security problem. To allow the subsequent operator to inspect the production process would be impractical and costly.
Various models of postage meter machines currently in the marketplace are equipped with a postal security device having a security module. This essentially serves for storing and accounting electronic postage fees and for generating the electronic signatures needed to produce valid franking imprints (indicia). The security module must obviously be protected against any and all types of manipulation during production, during transport and when used. Currently this usually ensues with mechanical protective measures such as a closed housing around the security module. Moreover, every produced security module is cryptographically initialized and registered (certified) before it can be placed into use. Since, however, this preferably ensues at the location at which the security module is produced, the security demands of national postal authorities such as the U.S. Postal Service are not met. These demand an assurance for the security of security modules during transport as well, and before initialization, particularly a registration at the final user of the postage meter machine or at a national service center. This, however, requires the establishment of national service centers and means an increased outlay for time, equipment, packaging and other handling.